package com.iiifi.kite.xss.core;

import java.io.IOException;

import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.databind.DeserializationContext;
import com.fasterxml.jackson.databind.JsonDeserializer;
import com.iiifi.kite.xss.utils.XssUtil;

import lombok.extern.slf4j.Slf4j;

/**
 * jackson xss 处理
 *
 * @author kite@iiifi.com 花朝
 */
@Slf4j
public class JacksonXssClean extends JsonDeserializer<String> {

    @Override
    public String deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
        // XSS filter
        String text = p.getValueAsString();
        if (text == null) {
            return null;
        } else if (XssHolder.isEnabled()) {
            String value = XssUtil.clean(text);
            log.warn("Json property value:{} cleaned up by mica-xss, current value is:{}.", text, value);
            return value;
        } else {
            return text;
        }
    }
}
